National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,052 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2015-4363

Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Published: June 15, 2015; 10:59:17 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4362

Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.

Published: June 15, 2015; 10:59:16 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4361

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.

Published: June 15, 2015; 10:59:15 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4360

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors.

Published: June 15, 2015; 10:59:14 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4359

Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:13 AM -04:00
V2: 3.5 LOW
CVE-2015-4358

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.

Published: June 15, 2015; 10:59:12 AM -04:00
V2: 3.5 LOW
CVE-2015-4357

Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.

Published: June 15, 2015; 10:59:11 AM -04:00
V2: 3.5 LOW
CVE-2015-4356

Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.

Published: June 15, 2015; 10:59:10 AM -04:00
V2: 3.5 LOW
CVE-2015-4355

Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.

Published: June 15, 2015; 10:59:09 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4354

Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:08 AM -04:00
V2: 3.5 LOW
CVE-2015-4353

Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.

Published: June 15, 2015; 10:59:08 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4352

Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.

Published: June 15, 2015; 10:59:07 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4351

The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.

Published: June 15, 2015; 10:59:06 AM -04:00
V2: 4.9 MEDIUM
CVE-2015-4350

Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.

Published: June 15, 2015; 10:59:05 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4349

Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.

Published: June 15, 2015; 10:59:04 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4348

SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.

Published: June 15, 2015; 10:59:03 AM -04:00
V2: 6.0 MEDIUM
CVE-2015-4347

Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.

Published: June 15, 2015; 10:59:02 AM -04:00
V2: 4.3 MEDIUM
CVE-2015-4346

Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.

Published: June 15, 2015; 10:59:02 AM -04:00
V2: 2.6 LOW
CVE-2015-4345

The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: June 15, 2015; 10:59:01 AM -04:00
V2: 5.0 MEDIUM
CVE-2015-4344

The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.

Published: June 15, 2015; 10:59:00 AM -04:00
V2: 5.0 MEDIUM